Using Data Science to block hackers

Executive Summary

Winder Research was engaged by Bitsensor to research and implement Data Science algorithms that could automate the detection and classification of web attackers. After gathering data, researching a Machine Learning solution and implementing Cloud-Native software, we delivered three new features:

  • Tool classification - detect which automated tools were being used to perform the attack
  • Attacker grouping - provide the capability of detecting distributed attacks by the same attacker
  • Killchain classification - establish the phase of an attack (e.g. reconnaissance, exploitation, etc.)

Client

Bitsensor is a startup in the Netherlands that specialises in protecting public-facing websites and applications. They distribute their web-application firewall product to a range of customers throughout Europe. The goal is to provide an outstanding out-of-the-box experience that can protect exposed services from hackers, with little setup.

Problem

Despite fulfilling an industry need, Bitsensor needed to innovate in order to compete, because larger vendors offer similar but less capable products. They needed several competitive differentiators in order to compete with brands that have higher visibility.

Bitsensor expected that our experienced team would focus on providing value for their customers. Their engineers were already busy delivering the core product, so they needed someone who was capable of both research and implementation. They wanted help defining what is and isn't possible given the limited data they had.

Bitsensor chose Winder Research to help them solve these problems. We were chosen due to our unrivalled ability to deliver complex Data Science solutions in a simple production-ready implementation.

Solution

The first challenge was to establish which features would add the most value to the Bitsensor product. Through a series of client and customer interviews, we helped define customer needs and ranked them according to value and cost. The top three were tool detection, attacker grouping and killchain detection (killchain refers to the phase of the attack). After picking these three new features, we began work on collecting data.

In many projects the data required to solve a problem is not immediately available. This was also the case here. We helped Bitsensor to discover and produce the data that we believed we required in order to solve the three problems. Through a collaborative effort, we managed to gather highly valuable datasets that will help Bitsensor long into the future.

Next, using the data we collected, we performed research that was specific to each problem. This involved defining the state of the art, performing data analysis and data engineering, constructing various models and evaluating their performance.

During the research phase, regular reports were produced demonstrating results and value. The client was constantly involved, helping by providing domain expertise and direction.

Once the research proved that each solution was viable, we began work on implementation. Using a range of Cloud-Native concepts and technologies, we developed isolated, self-contained applications. These were then plugged into their product. This whole process occurred over a number of months.

Results

The minimum viable process resulted in three fully integrated features that provided significant technical capabilities. These provide competitive differentiators that power sales today.

The robustness provided by the detailed Data Science and simple implementation means that little maintenance is required. When it is, the documentation provided in the form of Data Science notebooks allows engineers to understand the decisions and implementation.


© Winder Research and Development Ltd. 2016-2018; all rights reserved.